Abstract

Since the 1980s, two approaches have been developed for analyzing
security protocols. One of the approaches relies on a computational
model that considers issues of complexity and probability. This
approach captures a strong notion of security, guaranteed
against all probabilistic polynomial-time attacks. The other approach
relies on a symbolic model of protocol executions in which
cryptographic primitives are treated as black boxes. Since the seminal
work of Dolev and Yao, it has been realized that this latter approach
enables significantly simpler and often automated proofs. However, the
guarantees that it offers have been quite unclear.

In this paper, we show that it is possible to obtain the best of both
worlds: fully automated proofs and strong, clear security
guarantees. Specifically, for the case of protocols that use signatures
and asymmetric encryption, we establish that symbolic integrity and
secrecy proofs are sound with respect to the computational model.
%Our results rely only on standard assumptions on the security of the
%cryptographic primitives.
The main new challenges concern secrecy properties for which we obtain
the first soundness result for the case of active adversaries.
Our proofs are carried out using Casrul, a fully automated tool.